Are you Vulnerable to a breach due to the “Heartbleed” Bug?
The “Heartbleed” Bug is a serious information security issue sweeping the globe. It is a powerful attack affecting businesses of all sizes and industries. Digital Defense, Inc. (DDI) has teams of vulnerability researchers and personal security analysts addressing concerns, mitigating risk and answering commonly asked questions.
Q: What is the “Heartbleed” Bug?
A: The “Heartbleed” Bug is a serious information security issue. It is a powerful attack that allows an attacker to decrypt captured network traffic and view previously encrypted content.
Q: What is “encrypted content”?
A: Encrypted content could be part of a secure e-mail sent via encrypted means, a home banking transaction, or information being transmitted to an online healthcare platform. Additionally, passwords for "cloud" platforms and SSL-based VPNs are potentially impacted as well.
Q: What types of systems are affected by “Heartbleed” Bug?
A: In essence, any system utilizing “HTTPS” or some other secure means of SSL-based encryption may be at risk. As such SSL-based VPNs, firewalls utilizing HTTPS on management interfaces, SSL-enabled web proxies, and many other systems can potentially be impacted by the vulnerability.
Q: Can DDI test for the vulnerability associated with “Heartbleed” Bug?
A: Yes! DDI has developed a robust, proprietary test that is actively validating whether or not a system is vulnerable to “Heartbleed” Bug. The test can be run alone, or with the full suite of vulnerability tests available to our clients.
Q: Why is DDI’s test more effective than those available for free on the internet?
A: DDI offers a proprietary test that leverages components within our vulnerability scanning subsystem that the free tools do not. Additionally, many of these tools only test one system at a time and one TCP port at a time. DDI’s test can scan multiple systems and multiple ports rapidly, giving businesses the intelligence they need more quickly and efficiently than a simple web-based tool.
Another important factor to consider is that the free tools do not provide any level of support. As such, if you find that you have a system that is vulnerable to “Heartbleed” Bug, you may have to do your own research or work with the vendor providing the system yourself to have the matter resolved. DDI clients are provided multiple levels of support, up to and including access to our vulnerability researchers and Personal Security Analysts (PSAs). This unprecedented level of support ensures that the business can secure their systems quickly and with greater assurance of accuracy implementing remediation efforts that positively impact the security of the system.
Organizations should be wary of Free scanning tools promoted on the internet. The author of the tool just might be a hacker who has found a way to access sensitive data by posing as a legitimate security source.
Q: What can a business do if they want to learn more about “Heartbleed” Bug and how DDI can assist them in addressing the issue?
A: If you are concerned about being a victim of this attack, we can help. DDI can help your organization through proven methodology that reduces risk and secures information and intellectual property. To learn more, contact us.